vvo / iron-session

🛠 Secure, stateless, and cookie-based session library for JavaScript

Home Page: https://get-iron-session.vercel.app

Get other session based on contents of session

codergautam opened this issue · comments

In my app I want an admin user to be able to log out another user. I have the user id (which is stored as req.session.user.user_id) on that user's session. Now how can I delete that other user's session given the id in a Next.js API route?

I have tried looking at the code, mainly the unseal function but I don't know what contents to pass in to either get an array of all sessions or filter sessions based on content.

Thanks

Hmm, actually maybe this won't work. From what I see it seems like the cookie itself is the session contents encrypted with the password. I was under the assumption that the cookie was like an id and the session contents are stored on the server.

I guess the best approach is to log them out on their next HTTP request using middleware of some sort.

Hope this helps someone out

The cookie contains the encrypted session information. This implementation is stateless, meaning the server doesn't persist the information; it just processes whatever it receives during the request.
To be able to log out another user, it really depends on the architecture of your application, but a simple approach would be to store the list of users to log out on the server and validate that every time it receives a request.
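
One way to implement the server-side list described in the last comment, as an added example that is not part of the thread or of iron-session's own code. It assumes the login handler stores a hypothetical `issuedAt` timestamp (ms) next to `user_id` in the session, that the session object exposes `destroy()`, and that an in-memory `Map` is an acceptable store (a multi-instance deployment needs a shared one).

```javascript
// Revocation list for stateless sealed-cookie sessions.
// The server cannot delete a cookie it does not hold, so it records *when*
// a user was revoked and rejects any session issued at or before that time.
const revokedAt = new Map(); // user_id (string) -> revocation time in ms

// Call from the admin-only route, after verifying the caller is an admin.
function revokeUser(userId, now = Date.now()) {
  revokedAt.set(String(userId), now);
}

// Call at the top of every authenticated route, after the cookie is unsealed.
// Returns the user object when the session is still valid, otherwise null.
function checkSession(session) {
  const user = session && session.user;
  if (!user || user.user_id === undefined) return null;

  const cutoff = revokedAt.get(String(user.user_id));
  if (cutoff === undefined) return user; // never revoked

  // Fail closed: a cookie without issuedAt (assumed field) counts as old.
  const issuedAt = Number.isFinite(user.issuedAt) ? user.issuedAt : 0;
  if (issuedAt <= cutoff) {
    // Clear the cookie so the browser stops sending the revoked session.
    if (typeof session.destroy === "function") session.destroy();
    return null;
  }
  return user; // logged in again after the revocation
}

// A revocation entry is only needed while cookies issued before it can still
// be valid, so drop entries older than the configured session lifetime.
function pruneRevocations(maxSessionAgeMs, now = Date.now()) {
  for (const [id, t] of revokedAt) {
    if (now - t > maxSessionAgeMs) revokedAt.delete(id);
  }
  return revokedAt.size;
}
```

Comparing timestamps rather than keeping a plain list of user ids lets the revoked user sign in again without an admin having to clear the entry first.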